Before you go...

Get a free, no-obligation destruction plan tailored to your organisation. We respond within one business day.

No spam. We will contact you once with your plan. Unsubscribe any time.

Back to Resources
Share:
Guide 6 min read February 2025

How Long Should Your Business Keep Documents? A Practical Retention Guide for Malaysian Companies

One of the most common compliance questions we hear from clients is deceptively simple: how long do we actually need to keep this? Keeping documents too long is a PDPA liability. Destroying them too soon is a legal and commercial risk. Getting the balance right requires a documented retention schedule — and knowing which laws set the minimum periods for your document types.

Why retention periods matter on both ends

There are two distinct risks in document retention, and organisations typically only worry about one of them.

The more obvious risk is destroying documents too soon. If you are the subject of a tax audit, a legal dispute, or a regulatory investigation, and you cannot produce the documents that should have been retained, the consequences range from adverse findings to criminal liability. Courts and regulators treat missing records with significant suspicion.

The less understood risk is retaining documents too long. Under the PDPA's Retention Principle, personal data must not be kept beyond the period necessary for the purpose it was collected. Every day a document containing personal data sits in your filing system beyond its required retention period, you are in technical breach of the Act. More practically, it means your data exposure in the event of a breach is larger than it needs to be.

A documented retention schedule that specifies both the minimum and maximum retention period for each document type — and what happens at the end of that period — is the foundation of good information governance and the starting point for any PDPA compliance programme.

General retention periods for Malaysian businesses

The following periods reflect the requirements of Malaysian law for the most common business document categories. Always verify against your sector's specific regulatory requirements, which may impose longer minimums.

  • Financial and accounting records — Minimum 7 years under the Companies Act 2016 and Income Tax Act 1967. This includes general ledgers, journals, invoices, receipts, and supporting documentation.
  • Tax records and supporting documents — Minimum 7 years from the relevant year of assessment under the Income Tax Act 1967. The Inland Revenue Board (LHDN) may request records going back this far in an audit.
  • Employment records (active employees) — For the duration of employment, with key records (contracts, performance reviews, pay records) retained throughout.
  • Employment records (after departure) — Minimum 6 years after the date of termination or resignation. EPF, SOCSO, and income tax obligations require access to historical payroll data during this period.
  • Contracts and commercial agreements — 6 years from the date of expiry or termination, reflecting the standard limitation period under the Limitation Act 1953 during which contract claims may be brought.
  • Client and customer files — Varies significantly by industry. As a general rule, 7 years from the date of the last transaction or engagement is a widely applied minimum in professional services.
  • Medical records — Minimum 7 years from the date of last treatment for adults; for minors, records must be retained until the patient reaches age 25, or for 7 years after the last treatment, whichever is longer.
  • Company statutory records — Minimum 7 years under the Companies Act 2016. This includes minutes of meetings, resolutions, and sha
    Ready to protect your organisation?

    Get a free consultation from Grass Stories Sdn Bhd — Sarawak’s trusted document destruction specialist.

    Get a Free Quote →

Related Articles

Guide

Office Relocation and Document Destruction: A Checklist for Sarawak Businesses

 PDPA

PDPA Compliance for Malaysian Businesses: What You Need to Know About Document Disposal

 Security

Why Deleting Files Isn\'t Enough: The Hidden Data Risk in Your Old Hard Drives
Pricing

Transparent Pricing, Tailored to You

We don't believe in one-size-fits-all pricing. Every quote is based on your actual requirements — volume, service type, and frequency. Every client's situation is different, so we don't list prices online — a detailed quote takes one business day and is always completely free.

Our Services

What Affects Your Quote

Our pricing is straightforward — based on the factors below. Submit an enquiry and we will respond with a clear, itemised quote within 1 business day.

Off-Site Destruction

Collection and certified destruction of paper documents and materials at our secure facility.

  • Volume — estimated weight or number of boxes / bags of material
  • Location — collection address within Miri and surrounding areas
  • Type of materials — standard paper, files, bound volumes, or mixed media
  • Witnessing / remote monitoring — if you wish to observe the destruction
One-off collection: Ideal for archive clear-outs, office moves, or periodic purges. Priced per collection.
Most Popular

Scheduled Collection Plan

An ongoing collection programme on your chosen frequency — weekly, fortnightly, or monthly.

  • Collection frequency — weekly, fortnightly, or monthly
  • Volume per cycle — estimated volume per collection visit
  • Number of locations — single or multiple collection points
  • Reporting requirements — standard or consolidated certificates
Best value: Regular clients on scheduled plans benefit from consistent service, priority scheduling, and consolidated documentation for compliance.

Hard Drive & Media Destruction

Physical destruction of hard drives, SSDs, USB drives, tapes, optical discs, and other digital storage media.

  • Quantity — number of drives or media items for destruction
  • Media type — HDDs, SSDs, tapes, optical media, USB drives
  • Serial number logging — per-device certificate documentation
  • Witnessing / remote monitoring — optional for high-security requirements
IT asset disposal: Particularly suitable for companies upgrading hardware, decommissioning servers, or clearing end-of-life IT equipment.
What to Expect

How Our Quoting Process Works

We keep it simple. No hidden charges, no confusing packages — just a fair price based on what you actually need.

01

Submit Your Enquiry

Use our contact form or call us directly. Tell us your service type, estimated volume, and location. No commitment required.

02

We Assess & Quote

Within 1 business day, we will review your requirements and provide a clear, itemised quote — no vague estimates.

03

You Decide

Accept the quote on your own timeline. There is no pressure and no obligation. We are here when you are ready.

04

We Handle Everything

Collection, destruction, documentation — we manage the entire process and deliver your Certificate of Destruction promptly.

Common Questions

Pricing FAQs

No. We do not impose a minimum volume. Whether you have a single box of documents or an entire archive room, contact us and we will recommend the most cost-effective approach for your situation.

No. Our quotes are fully itemised and transparent. The Certificate of Destruction is included in every service — it is not an add-on. If serial number logging per device is required for hard drive destruction, we will include this in the quote so you know exactly what you are paying for.

Never. All consultations, site assessments, and quotes are completely free of charge with no obligation whatsoever. We believe in earning your trust before asking for your business.

Yes. Clients on scheduled collection plans or those with consistently high volumes benefit from more favourable rates. When you submit your enquiry, let us know your expected frequency and volume and we will factor this into your quote.

Quote Estimator

Get a Ballpark Figure

Not ready to call yet? Use our estimator to get a rough sense of cost before you enquire. Every quote is confirmed free within one business day.

RM —
Select your options above to see an estimate.

Ready for a Free Quote?

No obligation. No pressure. Just a clear, honest price based on what you need.

Chat with us